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July  16, 1999 


MEMORANDUM  FOR  DIRECTOR,  DEFENSE  LOGISTICS  AGENCY 

SUBJECT:  Audit  Report  on  Year  2000  Computing  Issues:  Defense  Logistics  Agency  - 
Standard  Automated  Materiel  Management  System  (Report  No.  99-215) 


We  are  providing  this  report  for  information  and  use.  This  report  is  one  of  a 
series  of  reports  being  issued  by  the  Inspector  General,  DoD,  in  accordance  with  an 
informal  partnership  with  the  DoD  Chief  Information  Officer  to  identify  progress  made 
by  DoD  Components  that  are  preparing  information  and  technology  systems  for  year 
2000  compliance.  We  considered  management  comments  on  a  draft  of  this  report  in 
preparing  the  final  report. 

Comments  from  the  Defense  Logistics  Agency  conformed  to  the  requirements  of 
DoD  Directive  7650.3  and  left  no  unresolved  issues.  Therefore,  no  additional  comments 
are  required. 


We  appreciate  the  courtesies  extended  to  the  audit  staff.  Questions  on  the  audit 
should  be  directed  to  Mr.  Tilghman  Schraden  at  (703)  604-9186  (DSN  664-9186),  email 
<tschraden@dodig.osd.mil>  or  Ms.  Kathryn  Palmer  at  (703)  604-8840  (DSN  664-8840), 
email  <kpalmer@dodig.osd.mil>.  See  Appendix  B  for  the  report  distribution.  The  audit 
team  members  are  listed  inside  the  back  cover. 


Robert  J.  Lieberman 
Assistant  Inspector  General 
for  Auditing 
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Executive  Summary 


Introduction.  This  is  one  in  a  series  of  reports  being  issued  by  the  Inspector 
General,  DoD,  in  accordance  with  an  informal  partnership  with  the  Chief 
Information  Officer,  DoD,  to  monitor  DoD  efforts  to  address  the  year  2000 
computing  challenge.  This  report  addresses  year  2000  issues  that  pertain  to  the 
Standard  Automated  Materiel  Management  System  (SAMMS),  which  provides 
support  to  the  Defense  Logistics  Agency  (DLA)  for  the  management  of 
consumable  items.  For  a  complete  listing  of  audit  projects,  see  the  year  2000 
webpage  on  the  IGnet  at  http://www.ignet.gov. 

SAMMS  consists  of  a  standard  set  of  materiel  management  functions  common  to 
all  three  DLA  supply  centers  and  supply  center  unique  functions.  SAMMS 
ranked  third  in  mission-critical  DLA  automated  systems  in  need  of  remediation. 
SAMMS  was  developed  during  the  1960s  to  provide  support  for  the  management 
of  consumable  items  for  DLA.  The  standard  SAMMS  functions  comprised 
five  subsystems:  acquisition  management,  asset  management,  financial 
management,  requirements  determination,  and  technical  and  logistics  support. 
SAMMS  provides  for  the  management  of  six  commodity  groups.  Those 
commodities  are:  clothing  and  textiles;  electronics;  construction;  industrial; 
medical;  and  general  supplies.  DLA  certified  SAMMS  as  Y2K  compliant  on 
March  30, 1999. 

Objectives.  The  overall  audit  objective  was  to  evaluate  whether  DLA  was 
adequately  planning  for  and  managing  year  2000  risks  to  avoid  undue  disruption 
to  its  supply  mission.  This  audit,  the  third  in  a  series  on  the  DLA  supply  mission, 
focused  on  the  core  DLA  supply  system,  SAMMS.  Specifically,  we  reviewed 
year  2000  interface  agreements,  testing  plans,  contingency  plans,  and  continuity 
of  operations  plans.  Additional  areas  of  the  “DoD  Year  2000  Management  Plan,” 
December  1998,  (DoD  Management  Plan)  that  we  assessed  included  contracts, 
funding,  information  assurance,  management  oversight  and  reporting,  and 
prioritization  and  inventorying  of  mission-critical  systems  and  infrastructure. 

Results.  DLA  and  its  three  subordinate  supply  centers  had  taken  action  to  ensure 
that  SAMMS  would  be  year  2000  compliant.  Actions  that  DLA  took  included: 
the  implementation  of  Y2K  contract  clauses;  the  allocation  of  necessary  funds,  the 
implementation  of  an  information  assurance  program,  the  establishment  of 
management  oversight  and  reporting,  and  the  prioritization  and  inventorying  of 
mission-critical  systems  and  infrastructure.  Additionally,  DLA  developed 
contingency  and  test  plans  and  performed  Y2K  testing.  However,  DLA  did  not 


fully  comply  with  the  requirements  of  the  DoD  Management  Plan  regarding 
interfaces,  test  documentation,  and  milestones.  Although  DLA  did  not  fully 
comply  with  the  DoD  Management  Plan,  it  subjected  SAMMS  to  intensive  testing 
before  certification.  Additional  testing  and  the  logistics  end-to-end  testing  would 
provide  further  assurance  that  the  DLA  core  supply  mission  performed  by 
SAMMS  would  be  year  2000  compliant.  See  the  Finding  section  for  details  of  the 
audit  results. 

Management  Actions  Taken  During  the  Audit.  DLA  had  not  planned  to  install 
the  final  SAMMS  upgraded  software  on  the  mid-tier  computers*  until  May  1 999 
although  the  DoD  Management  Plan  established  March  31,1 999,  as  the  final 
implementation  date  for  making  systems  fully  year  2000  compliant.  Based  on  our 
findings,  DLA  accelerated  the  fielding  dates  of  the  final  software  upgrades  for 
mid-tier  computers  to  April  5,  1999. 

Summary  of  Recommendation.  We  recommend  that  the  Director,  DLA  review 
SAMMS  interfaces  to  ensure  they  all  have  been  identified  and  will  be  tested 
during  the  scheduled  logistics  functional  end-to-end  testing  from  April  through 
June  1999. 

Management  Comments.  DLA  concurred  with  the  recommendation,  stating  that 
a  function  of  the  end-to-end  testing  plan  was  to  ensure  that  all  critical  thread 
interfaces  were  identified  and  included  in  the  test.  The  Capstone  (logistics)  end- 
to-end  testing  began  on  May  25,  1999,  and  was  scheduled  for  completion  on 
July  16, 1999.  See  the  Finding  section  of  the  report  for  a  discussion  of  the 
management  comments  and  the  Management  Comments  section  of  the  report  for 
the  complete  text  of  the  comments. 


'Mid-tier  computers  are  often  called  “  mini-computers”  and  are  less  powerful  than  mainframes.  They  have 
many  of  the  same  operational  characteristics  of  a  mainframe  but  do  not  require  a  specialized  operating 
environment.  Mid-tier  computers  are  typically  operated  in  an  office  environment. 
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Background 


Policies  on  Year  2000  Issues.  Because  of  the  potential  failure  of  computers  to 
function  throughout  the  Government,  the  President  issued  Executive  Order  13073, 
“Year  2000  Conversion,”  February  4, 1998,  making  it  policy  that  Federal 
agencies  ensure  that  no  critical  Federal  program  experiences  disruption  because  of 
the  year  2000  (Y2K)  problem.  The  order  requires  that  the  head  of  each  agency 
ensure  that  efforts  to  address  the  Y2K  problem  receive  the  highest  priority 
attention  in  the  agency. 

DoD  Year  2000  Management  Strategy.  In  his  role  as  the  DoD  Chief 
Information  Officer,  the  Senior  Civilian  Official,  Office  of  the  Assistant  Secretary 
of  Defense  (Command,  Control,  Communications,  and  Intelligence),  issued  the 
“DoD  Year  2000  Management  Plan”  (DoD  Management  Plan)  version  2.0,  in 
December  1998.  The  DoD  Management  Plan  required  DoD  Components  to 
implement  a  five-phase  (awareness,  assessment,  renovation,  validation,  and 
implementation)  Y2K  management  process.  The  DoD  Management  Plan  required 
completion  of  the  implementation  phase  for  mission-critical  systems  by 
December  31,  1998. 

Standard  Automated  Materiel  Management  System.  The  Defense  Logistics 
Agency  (DLA)  completed  the  implementation  phase  on  April  5, 1999,  and 
certified  the  Standard  Automated  Materiel  Management  System  (SAMMS)  as 
Y2K  compliant  on  March  30,  1999.  SAMMS  consists  of  a  standard  set  of 
materiel  management  functions  common  to  all  three  DLA  supply  centers  and 
supply  center  unique  functions.  SAMMS  ranked  third  in  mission-critical  DLA 
automated  systems  in  need  of  remediation.  SAMMS  was  developed  during  the 
1960s  to  provide  support  for  the  management  of  consumable  items  for  DLA.  The 
standard  SAMMS  functions  comprised  five  subsystems:  acquisition 
management,  asset  management,  financial  management,  requirements 
determination,  and  technical  and  logistics  support.  SAMMS  provides  for  the 
management  of  six  commodity  groups.  Those  commodities  are:  clothing  and 
textiles;  electronics;  construction;  industrial;  medical;  and  general  supplies. 

The  three  supply  centers  are  the  Defense  Supply  Center  (DSC)  Columbus,  the 
DSC  Philadelphia,  and  the  DSC  Richmond.  Each  DSC  is  responsible  for  the 
management  of  commodity  groups  that  are  unique  to  that  center  and  require 
commodity  specific  management  tools.  As  a  result,  each  DSC  has  a  multitude  of 
center  unique  subprograms  designed  to  allow  the  management  of  its  commodities. 
SAMMS  runs  on  mainframe  domains  located  at  the  Defense  Megacenter, 
Columbus,  and  mid-tiers1  and  personal  computers  located  at  the  supply  centers. 
The  DLA  management  strategy  for  fixing  Y2K  problems  requires  centralized 
management  and  decentralized  implementation.  The  following  are  key  positions 
and  organizations  responsible  for  ensuring  that  SAMMS  is  Y2K  compliant: 


'Mid-tier  computers  are  often  called  “mini-computers”  and  are  less  powerful  than  mainframes.  They  have 
many  of  the  same  operational  characteristics  of  a  mainframe  but  do  not  require  a  specialized  operating 
environment.  Mid-tier  computers  are  typically  operated  in  an  office  environment. 
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•  Defense  Information  Systems  Agency  (DISA)  is  the  central  manager 
for  major  portions  of  the  Defense  information  infrastructure.  DISA  is 
responsible  for  planning,  developing,  and  supporting  command, 
control,  communications,  computers,  and  intelligence  operations 
functions.  In  that  capacity,  DISA  provides  support  to  the  DoD  Chief 
Information  Officer  in  executing  Y2K  initiatives,  which  includes 
maintenance  of  a  list  of  tools  to  assist  in  resolving  Y2K  problems  and 
a  list  of  all  commercial  off-the-shelf  products  and  their  status  as  to 
Y2K  compliance.  DISA  is  also  responsible  for  operating  16  computer 
processing  organizations  referred  to  as  megacenters. 

•  The  DLA  Chief  Information  Officer  serves  as  the  chief  focal  point  for 
the  planning,  management,  and  execution  of  the  DLA  Y2K  program. 
The  DLA  Y2K  Program  Office  provides  the  direct  oversight  of  DLA 
Y2K  efforts  and  reports  to  the  DLA  Chief  Information  Officer. 

•  Defense  Logistics  Support  Command  (DLSC),  a  major  subordinate 
command  of  DLA,  provides  centralized  logistics  support  to  the 
Military  Departments  as  well  as  Federal  civil  agencies  and  foreign 
governments.  DLSC  is  responsible  for  the  preparation  and  the 
execution  of  the  DLSC  Y2K  oversight  program  and  for  prioritizing 
critical  systems  and  making  resource  recommendations. 

•  The  DLA  Systems  Design  Center  (DSDC)  was  disestablished  in 
November  1 998  and  its  operations  and  personnel  transitioned  to  other 
elements  within  DLA.  The  personnel  responsible  for  S AMMS  were 
assigned  to  DLSC.  For  simplicity,  we  have  referred  to  the  role  played 
by  the  former  DSDC  personnel  by  their  former  organizational  name 
throughout  this  report.  The  former  DSDC  personnel  are  responsible 
for  the  same  Y2K  functions  that  were  previously  performed  by  the 
DSDC.  Those  functions  include  acting  as  the  central  design  activity 
responsible  for  addressing  and  resolving  hardware  and  software  related 
problems  associated  with  Y2K  compliance  of  SAMMS. 

•  Defense  megacenters  operate  on  a  fee-for-service  basis  in  providing 
mainframe  computer  processing  service  to  functional  users.  Defense 
megacenters  are  the  primary  providers  of  mainframe  computer  services 
to  ftmctional  users  in  the  Army,  the  Navy,  the  Air  Force,  the  Marine 
Corps,  and  the  Defense  agencies  (such  as  DLA).  Defense  megacenters 
are  responsible  for  the  Y2K  compliance  of  its  computer  hardware  and 
the  executive  software. 


Objectives 


The  overall  audit  objective  was  to  evaluate  whether  DLA  was  adequately 
planning  for  and  managing  Y2K  risks  to  avoid  undue  disruption  to  its  supply 
mission.  This  audit,  the  third  in  a  series  on  the  DLA  supply  mission,  focused  on 
the  core  DLA  supply  system,  SAMMS.  Specifically,  we  reviewed  contingency 
plans  and  continuity  of  operations  plans,  Y2K  interface  agreements,  and  testing 
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plans.  Additional  areas  of  the  DoD  Management  Plan  that  we  assessed  included 
contracts,  funding,  information  assurance,  management  oversight  and  reporting, 
and  prioritization  and  inventorying  of  mission-critical  systems  and  infrastructure. 
See  Appendix  A  for  a  discussion  of  the  scope  and  methodology  and  for  a 
summary  of  prior  coverage. 
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Status  of  the  Standard  Automated 
Materiel  Management  System  Year  2000 
Program 

DLA  and  its  three  subordinate  supply  centers  had  taken  action  to  ensure 
that  SAMMS  would  be  Y2K  compliant.  Specifically,  DLA: 

•  implemented  Y2K  contract  clauses, 

•  allocated  necessary  funds, 

•  implemented  an  information  assurance  program, 

•  established  management  oversight  and  reporting, 

•  prioritized  and  inventoried  mission-critical  systems  and 
infrastructure, 

•  developed  contingency  and  test  plans,  and 

•  performed  Y2K  testing. 

However,  DLA  did  not  fully  comply  with  the  requirements  of  the  DoD 
Management  Plan.  DLA  did  not  comply  with  the  requirements  because  it 
did  not  fully  document  interfaces,  did  not  document  all  test  results,  did  not 
meet  the  Y2K  certification  milestone  of  December  31,1 998,  and  did  not 
test  in  a  Y2K  compliant  domain.  Although  DLA  did  not  fully  comply 
with  the  DoD  Management  Plan,  it  subjected  SAMMS  to  intensive  testing 
before  certification.  Additional  testing  and  the  logistics  end-to-end  testing 
would  provide  further  assurance  that  the  DLA  core  supply  mission 
performed  by  SAMMS  would  be  Y2K  compliant. 


DLA  Actions  Addressing  Year  2000  Problems 


DLA  implemented  and  executed  the  DoD  Management  Plan  as  part  of  its  efforts 
to  adequately  plan  for  and  manage  Y2K  risks  for  SAMMS.  DLA  complied  with 
the  DoD  Management  Plan  in  the  following  areas. 

Contracts.  DLA  had  implemented  policies  requiring  the  use  of  Y2K 
compliance  language  in  SAMMS  related  contracts  as  specified  in  the  Federal 
Acquisition  Regulation. 
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Funding.  DLA  had  identified,  prioritized,  budgeted,  and  funded  SAMMS 
Y2K  remediation  actions.  DLA  is  funding  Y2K  remediation  from  operating 
funds  and  from  the  Office  of  the  Secretary  of  Defense  (OSD)  Y2K  Emergency 
Supplemental  Funding  Appropriations. 

Information  Assurance.  DLA  had  developed  programs  and  procedures 
to  help  protect  the  SAMMS  mainframe,  mid-tier,  and  personal  computers  data 
processing  systems  from  improper  intrusion  or  data  corruption  resulting  from  an 
information  warfare  threat  to  the  Defense  information  infrastructure  and  SAMMS. 

Management  Oversight  and  Reporting.  DLA  developed  an  overall 
planning  strategy  to  make  SAMMS  Y2K  compliant  and  established  a 
management  structure  for  oversight,  implementation,  and  execution  of  SAMMS 
Y2K  remediation.  DLA  documented  the  overall  Y2K  strategy  in  the  “Defense 
Logistics  Agency  Year  2000  Management  Plan,  Version  1.2,”  September  19982, 
and  in  the  “Test  and  Evaluation  Master  Plan  (TEMP)  for  the  Defense  Logistics 
Agency  (DLA)  Year  2000  (Y2K)  Program,”  September  3,  1997.  In  addition, 
DLA  provided  periodic  reports  to  OSD  on  the  status  of  the  Y2K  program. 

Prioritization  and  Assessment  of  Inventory  and  Infrastructure.  DLA 

determined  that  34  of  its  automated  information  systems  were  mission-critical 
systems.  SAMMS  was  rated  3  of  34  mission-critical  DLA  systems.  In  addition, 
DLA  inventoried  and  assessed  for  Y2K  compliance  its  automated  information 
systems  and  supporting  infrastructure  to  include:  personal  computers  and  servers, 
telecommunication  equipment,  and  utilities.  DLA  had  inventoried  and  tracked  the 
status  of  SAMMS  mainframe,  mid-tier,  and  desktop  personal  computers.  The 
inventory  comprised  supporting  hardware  and  software  associated  with  SAMMS 
that  was  in  need  of  repair,  replacement,  or  termination  before  the  year  2000.  DLA 
also  identified  noncompliant  software  on  mid-tiers  and  had  taken  action  to  correct 
the  deficiency  by  installing  upgraded,  Y2K  compliant  software.  See  the  details 
later  in  this  report. 


Y2K  Contingency  Plans 

DLA  had  taken  positive  steps  to  develop  contingency  plans  to  ensure  that 
SAMMS  Y2K  risks  were  identified  and  procedures  were  in  place  to  address 
potential  Y2K  failures.  DLA  met  the  milestones  and  the  criteria  established  by 
the  DoD  Management  Plan  for  both  system  and  operational  contingency  plans. 

Definition  of  Contingency  Plan.  The  DoD  Management  Plan  acknowledges  that 
despite  best  efforts,  not  all  DoD  systems  will  be  Y2K  compliant  by  January  1 , 
2000.  A  contingency  plan  provides  a  means  to  minimize  the  adverse  impact  of 
disruptions  as  a  result  of  interface  or  user  data  problems.  Guidance  in  the  DoD 
Management  Plan  addresses  three  types  of  Y2K  contingency  plans:  system 
contingency  plans,  operational  contingency  plans,  and  programmatic  contingency 
plans.  The  system  and  operational  contingency  plans  are  applicable  to  SAMMS, 
but  the  programmatic  plans  are  not.  Programmatic  contingency  plans  apply  to 


2The  DLA  Year  2000  Management  Plan  was  under  revision  at  the  time  of  the  audit.  A  revised  plan  was 
issued  in  April  1999. 


new  systems  or  systems  under  renovation  that  will  replace  an  existing  system. 
Appendix  H  of  the  DoD  Management  Plan  makes  the  following  statements 
regarding  the  contingency  planning  process: 

The  purpose  of  a  contingency  plan  is  to  provide  a  road  map  of 
predetermined  actions  that  will  streamline  decision-making  during  the 
contingency  to  enable  resumption  of  mission  operations  at  the  earliest 
possible  time,  in  the  most  cost-effective  manner  A  contingency  plan 
will  establish,  organize,  and  document  risk  assessments, 
responsibilities,  policies  and  procedures,  as  well  as  agreements  and 
understandings  for  all  internal  and  external  entities.  Personnel  should 
be  trained  in  the  execution  of  contingency  plans  and  the  plans  should 
be  tested  and  updated  periodically  to  assure  that  they  remain  current 
and  valid.  Y2K  system  contingency  plans  address  the  technical  aspects 
of  potential  disruptions  in  systems  believed  to  be  Y2K  compliant. 

Plans  should  include  technical  workarounds  necessary  to  recover  the 
system  or  use  other  systems  capabilities  to  meet  the  customer’s 
requirement  to  sustain  mission  critical  capabilities.  The  operational 
contingency  plan  (also  known  as  an  operational  continuity  plan  or 
contingency  management  plan)  deals  with  continuing  and  completing 
missions/functions  in  “worst  case”  scenarios.  Each  core 
mission/function  and  critical  process  should  have  an  operational 
contingency  plan.  Operational  contingency  planning  is  the  primary 
management  tool  to  prepare  for  unanticipated  disruptions. 

SAMMS  System  Contingency  Plan.  The  “  SAMMS  Year  2000  Business 
Continuity  and  Contingency  Plan  (BCCP),”  November  10.  1998,  served  as  the 
system  level  contingency  plan  for  SAMMS.  The  DoD  Management  Plan  states 
that  the  system  contingency  plan  should  address  processes  and  procedures  for 
restoring  functionality  to  a  disrupted  system  thought  to  be  Y2K  compliant.  The 
SAMMS  plan  met  the  basic  requirement  for  system  contingency  planning 
outlined  in  the  DoD  Management  Plan  and  met  the  milestone  date  of 
December  31, 1998,  for  completion  of  the  plan. 

DLSC  Y2K  Operational  Contingency  Plan.  DLSC  was  responsible  for 
developing  and  integrating  the  operational  contingency  plans  from  the  three  DSCs 
into  a  single  plan.  The  “  Defense  Logistics  Support  Command  Y2K  Business 
Continuity  and  Contingency  Plan:  Y2K  Operational  Contingency  Plan,” 
(Operational  Contingency  Plan),  March  1999,  included  the  supply  management 
functions  performed  by  SAMMS  and  other  DLA  materiel  management  functions. 
To  meet  the  March  3 1 , 1999,  OSD  milestone  for  the  development  of  the 
Operational  Contingency  Plan,  DLA  delegated  the  responsibility  for  developing 
specific  sections  of  the  operational  contingency  plan  to  the  three  DSCs. 

•  DSC  Columbus  was  responsible  for  the  requirements  determination 
process. 

•  DSC  Philadelphia  developed  the  acquisition  and  contracts  sections. 

•  DSC  Richmond  developed  the  asset  management  and  requisition 
process  portion. 
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Included  in  the  Operational  Contingency  Plan,  as  required  by  the  DoD 
Management  Plan,  were: 

•  the  definition  of  the  organizational  missions  and  functions  of  SAMMS, 

•  mission-critical  systems  that  support  SAMMS  core, 

•  emergency  notification  procedures  with  points  of  contact  and  phone 
numbers  to  report  the  loss  or  degradation  of  SAMMS  and  supporting 
system  functionality, 

•  procedures  for  automated  information  system  users  to  detect  possible 
corrupt  SAMMS  system  data, 

•  procedures  to  execute  the  functions  of  SAMMS  without  the  assistance 
of  the  systems  normally  supporting  SAMMS, 

•  list  of  alternative  suppliers  for  mission-critical  supplies  and  a  Y2K 
supplier  assessment  plan  that  were  developed  as  backups  for  SAMMS 
and  for  a  possible  Y2K  system  failure, 

•  the  impacts  that  the  loss  of  SAMMS  functionality  would  have  on  the 
DLA  organization  and  supply  mission, 

•  recovery  procedures  SAMMS  would  use  to  restore  data  collected 
through  alternative  means,  and 

•  links  to  relevant  system  operational  contingency  plans. 

Y2K  Operational  Contingency  Plan  Testing.  From  April  through  June  1999, 
DLA  planned  to  test  its  SAMMS  Y2K  operational  contingency  plan  as  required 
by  the  DoD  Management  Plan.  DLA  planned  tests  include  procedure  review 
exercises,  rehearsals  of  desktop  exercises  or  simulation  exercises,  and  audits. 

DLA  reported  that  it  had  completed  testing  of  mitigation  strategies  by  the  June  30, 
1999,  target  date. 


Interfaces  and  Interface  Agreements 


DLA  had  not  fully  documented  external  interfaces.  Because  DLA  did  not  follow 
the  guidance  in  the  DoD  Management  Plan,  with  respect  to  developing  SAMMS 
interface  agreements,  risks  remain  that  DLA  needs  to  address  through  ensuring 
further  testing  of  interfaces  during  the  end-to-end  testing. 

Interface  Definition.  The  DoD  Management  Plan  defines  an  interface  as  “  a 
boundary  across  which  two  systems  communicate.”  In  addition,  the  DoD 
Management  Plan  states,  “  an  interface  might  be  a  hardware  connector  used  to  link 
to  other  devices,  or  it  might  be  a  convention  used  to  allow  communication 
between  two  software  systems.”  External  interfaces  are  defined  as,  “  interfaces 
that 
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are  outside  of  the  components  (i.e.fthat  is],  other  DoD,  Federal,  State,  and  Local 
Government,  Private  Sector,  Foreign  government,  and  Foreign  private).”  Internal 
interfaces  are  defined  as  interfaces  that  are  within  the  Component. 

Interface  Strategy.  The  DLA  strategy  for  external  (non-DLA)  interfaces  consists 
of  establishing  interface  agreements  that  focus  on  whether  the  current  interfaces 
change  date  formats.  If  interfaces  change  date  formats,  the  DLA  strategy  is  to 
concentrate  on  building  bridges  to  accommodate  the  modified  interface  and  to 
ensure  that  Y2K  trigger  dates  are  transmitted  through  the  interface.  Y2K  trigger 
dates  are  those  dates  that  have  been  identified  as  having  the  potential  to  cause  a 
Y2K  computational  error  due  to  the  representation  of  the  year  2000.  They  include 
01-01-00  and  02-29-00.  If  interface  date  formats  do  not  change,  the  DLA  strategy 
focuses  on  identification  and  testing  of  trigger  dates. 

Interface  Agreements.  According  to  the  DoD  Management  Plan,  external 
interface  agreements  must  contain  the  following  minimum  information: 

•  names  of  interfacing  systems; 

•  description  of  interface  (including  data  set  and  date  file  name); 

•  interface  strategy  for  both  receiving  and  sending  systems  (file 
expansion,  procedural  code,  sliding  window,  or  other  specified 
strategy); 

•  milestone  dates  for  analyses,  programming  testing,  joint  testing,  and 
implementation; 

•  review  and  acceptance  process; 

•  point  of  contact  for  each  interfacing  system,  to  include  organization, 
telephone,  and  e-mail  address;  and 

•  signature  of  point  of  contact  for  each  interfacing  system. 

External  Agreements.  DLA  provided  copies  of  S AMMS  interface  agreements 
for  27  external  systems.  A  review  of  the  27  SAMMS  interface  agreements 
disclosed  that  none  met  the  minimum  requirements  described  in  the  DoD 
Management  Plan.  The  following  table  indicates  the  required  elements  included 
in  the  interface  agreements  for  the  27  external  systems  and  the  requirements  that 
each  element  met. 
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SAMMS  Interface  Agreements:  Required  Interface  Elements  Met 

Interface  Review  Point  of 

Name  Description  Strategy  Milestones  Process  Contact  Signature 


1  ACLDB 

2  ATAV 

3  CISIL  X 

4  CCSS  X 

5  CCSS/SPR  X 

6.  Coast  Guard 
(Billing  System) 

7  DBMS  X 

8  DCA 

9  DO40  X 

10.  D072  X 

11.  EUD 

12.  FAA 

13.  FRB 

14.  ITEMAPS 

15.  JCALS 

16.  JEDMICS  X 

17.  Marine 
Corps 

18.  Maritime 

19.  MRDB 

20.  RAM 

21.  SC&O 

22.  SRD-1 

23.  SSF 

24.  TANDEM  X 

25.  UADPS 

26.  Veterans 

27.  WRS 


X 

X 


X 

X 

X 


X 


X 


X  X 


X  X 


X  X 


X 

X 

X 

X 

X 

X 

X 

X 

X 

X 

X 

X 

X 

X 

X 

X 

X 

X 

X 

X 

X 

X 

X 

X 

X 

X 

X 


^Complete  names  or  a  brief  description  of  interfaces  are  listed  on  next  page 
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1 .  Army  Central  Logistics  Data  Base 

2.  Army  Total  Asset  Visibility 

3.  Centralized  Integrated  System  International  Logistics 

4.  Commodity  Command  Standard  System 

5.  Commodity  Command  Standard  System  /Special  Program  Requirements 

6.  Coast  Guard  Billing  System 

7.  Defense  Business  Management  System 

8.  Defense  Commissary  Agency  Supply  System 

9  War  Readiness  Material  Lists,  Requirements  and  Spares  Support  Lists  (Air  Force) 

10.  Other  War  Reserve  Material  Requirements  (Air  Force) 

1 1 .  Eliminating  Unmatched  Disbursements 

12.  Federal  Aviation  Administration  Supply  System 

13.  Federal  Reserve  Bank  Financial  Clearing  System 

14.  Item  Applications  System 

15.  Joint  Computer  Aided  Acquisition  and  Logistics  System 

16.  Joint  Engineering  Data  Management  System 

1 7.  Marine  Corps  logistics  system  for  base  at  Albany 

18.  Maritime  Standard  Financial  System 
19  Material  Returns  Data  Base 

20.  Residual  Asset  Management 

21.  Stock  Control  and  Distribution/ Automated  Warehouse  System 

22.  Standard  Financial  System  Redesign- 1 

23.  Single  Stock  Fund  System 

24  Computer  platform  used  for  Navy  Asset  Visibility  System 

25.  Uniform  Automated  Data  Processing  System 

26.  Department  of  Veterans  Affairs  Financial  System 

27.  Marine  Corps  War  Reserve  System 
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Prime  Vendor  Interfaces.  DLA  did  not  develop  formal  interface  agreements 
with  its  52  prime  vendor  interface  partners.  DLA  explained  that  all  contracts  with 
vendors  contained  a  clause  requiring  that  the  vendor  be  Y2K  compliant.  In 
addition,  DLA  reported  that  the  DSCs  and  prime  vendor  functional  personnel 
consulted  extensively  on  both  establishing  the  prime  vendor  testing  requirements 
and  developing  the  “Prime  Vendor  Y2K  Compliance  Assessment  Test 
Plan,”  September  24, 1998.  The  test  plan  contained  the  methodology  for 
conducting  a  Y2K  compliance  assessment  of  a  single  prime  vendor.  A  proof  of 
concept  demonstration  was  successfully  completed  in  January  1999.  A  proof  of 
concept  is  a  demonstration  to  test  a  prime  vendor’s  ability  to  provide  supplies  in 
both  the  20th  and  21st  century  using  representative  data.  Testing  took  place  at  a 
vendor  site  and  was  conducted  jointly  by  the  vendor  and  DLA  personnel.  As  a 
result  of  the  successful  proof  of  concept  demonstration,  additional  testing  was 
scheduled  for  the  remaining  prime  vendors  from  March  through  July  1999.  As  of 
June  30, 1999,  29  prime  vendors  were  successfully  tested. 

Importance  of  Interfaces.  Accurate  data  exchanges  with  all  interface  partners 
are  critical  to  the  successful  operation  of  SAMMS.  Automated  information 
system  interface  identification,  along  with  properly  prepared  interface  agreements, 
must  be  in  place  to  ensure  accurate  data  exchanges.  Those  agreements  also 
facilitate  the  preparation  of  the  plans  for  Y2K  testing  required  by  the  Deputy 
Secretary  of  Defense  memorandum,  “  Year  2000  (Y2K)  Verification  of  National 
Security  Capabilities.”  The  deficiencies  in  the  identification  of  key  interface  data 
in  the  interface  agreements  creates  risk  that  DLA  has  not  addressed. 


Testing  of  SAMMS 

DLA  aggressively  pursued  renovation  and  testing  of  SAMMS  as  part  of  the 
SAMMS  Y2K  mitigation  strategy.  However,  DLA  did  not  fully  comply  with  the 
requirements  of  the  DoD  Management  Plan  because  DLA  did  not  document  all 
Y2K  test  results  and  could  not  certify  SAMMS  as  compliant  by  the  December  31, 
1998,  certification  and  implementation  milestone.  Additionally,  DLA  did  not 
perform  SAMMS  Y2K  testing  on  a  Y2K  compliant  mainframe  domain  and  the 
SAMMS  mainframe  production  domain  on  which  the  SAMMS  was  operating  was 
not  Y2K  compliant  because  the  domains  used  a  noncompliant  compiler. 

However,  DLA  obtained  a  waiver  from  OSD  to  use  the  noncompliant  compiler  on 
the  mainframe  domains.  As  a  result  of  the  SAMMS  Y2K  mitigation  and  testing 
strategy  that  DLA  executed  and  the  waiver  that  OSD  granted,  DLA  certified 
SAMMS  as  Y2K  compliant  on  March  30,  1999.  DLA  reported  that  SAMMS  was 
fully  implemented  as  of  April  5, 1999. 

SAMMS  Y2K  Test  Strategy.  The  SAMMS  Y2K  remediation  and  test  strategy 
addressed  a  complex,  multi-tiered  structure  of  mainframe,  mid-tier,  and  personal 
computer  applications  that  SAMMS  used  in  the  overall  supply  mission.  DLA 
began  the  SAMMS  Y2K  remediation,  testing,  and  implementation  process  in  July 
1996  and  certified  the  SAMMS  as  Y2K  compliant  on  March  30,  1 999.  In  its 
overall  execution  of  the  SAMMS  Y2K  remediation  effort,  DLA  substantially 
accomplished  the  requirements  of  the  DoD  Management  Plan  for  Y2K 
remediation,  testing,  and  implementation  of  mission-critical  systems.  The  DLSC 
developed  the  “Defense  Logistics  Support  Command  Primary  Level  Field 
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Activity  Year  2000  Program  Management  Plan,”  version  3.0  (DLSC  Y2K 
Management  Plan),  October  19983,  that  identified  SAMMS  Y2K  testing 
responsibilities.  DSDC  in  conjunction  with  the  DSCs  developed  test  plans 
detailing  the  various  types  of  testing  that  DLA  performed  as  part  of  the  SAMMS 
Y2K  remediation.  DLA  identified  noncompliant  mainframe,  mid-tier,  and 
personal  computer  software  products  and  either  terminated  the  products,  replaced 
them  with  Y2K  compliant  products  or  obtained  a  waiver  from  OSD  allowing  the 
continued  use  of  the  noncompliant  product.  In  addition  to  the  tests  that  DLA  used 
as  the  basis  for  the  SAMMS  Y2K  certification,  DLA  planned  to  perform 
additional  Y2K  tests  to  provide  further  assurance  that  SAMMS  is  Y2K  ready  and 
to  reduce  the  risk  of  Y2K  failure. 

Test  Responsibilities  and  Procedures.  The  DLSC  Y2K  Management  Plan 
assigned  the  Y2K  remediation  responsibilities  for  SAMMS  standard  applications 
to  DSDC  and  the  SAMMS  unique  applications  to  the  DSCs.  DSDC  developed  an 
overall  Y2K  remediation  strategy  for  SAMMS  as  well  as  the  test  procedures  used 
as  the  basis  for  Y2K  certification.  DSDC  also  developed  date  utility  tools  that 
identified  date  usage  and  introduced  logic  to  make  the  date  references  Y2K 
compliant.  The  DSCs  used  the  DSDC  test  approach  for  developing  test  plans  for 
the  supply  center  unique  applications  and  used  the  DSDC  software  utilities  for 
making  date  fixes.  The  individual  DSCs  also  took  steps  to  ensure  that  the 
hardware  and  software  for  personal  computers  used  by  the  DSCs  in  performing 
SAMMS  functions  were  also  Y2K  compliant.  DLA  based  the  SAMMS  Y2K 
certification  on  the  unit  testing  of  individual  SAMMS  programs  and  the  testing  of 
the  SAMMS  conversion  to  an  International  Business  Machines  OS390  (OS390) 
operating  system.  DLA  documented  the  procedures  to  be  followed  in  executing 
those  tests  in  two  separate  test  plans. 

Standard  Applications  Test  Results.  As  part  of  the  Y2K  tests  of  SAMMS 
standard  applications,  DSDC  identified  SAMMS  date  usage;  tested  Y2K  critical 
dates;  tested  interfaces  by  simulation;  performed  regression  testing;  and  reviewed 
test  results  with  a  team  comprising  functional  experts  and  technical  systems 
personnel  from  each  DSC.  DSDC  also  obtained  the  services  of  a  contractor  to 
perform  an  independent  review  of  the  test  results.  It  completed  checklists  to 
certify  the  test  results  and  implemented  the  revised  SAMMS  applications  into 
production  upon  completion  of  testing.  As  a  result  of  the  SAMMS  Y2K 
remediation  and  testing,  DSDC  prioritized;  remediated;  and  completed  testing  of 
about  4.7  million  lines  of  code,  representing  2,942  programs.  DSDC  completed 
the  testing  of  mainframe  programs  on  October  13, 1998.  On  March  17, 1999,  it 
began  time  machine  testing,  to  validate  that  SAMMS  will  operate  when  the 
machine  date  is  moved  to  the  year  2000.  DSDC  also  completed  the  Y2K 
remediation  for  mid-tier  and  personal  computer  applications  by  March  30, 1999. 

Additionally,  as  part  of  the  SAMMS  Y2K  remediation  and  testing  strategy, 

DSDC  developed  and  executed  the  “Year  2000  OS390  SAMMS  System 
Conversion  DID-Software  Test  Plan  (STP),”  August  19, 1998.  As  part  of  the 
OS390  conversion,  SAMMS  was  transferred  from  a  noncompliant  MVS-XA 


3The  DLSC  Y2K  Management  Plan  was  an  evolving  document  that  was  under  revision  at  the  time  of  the 
audit  The  most  recently  approved  version  is  4.0,  dated  April  2, 1999 
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operating  system  to  the  Y2K  compliant  OS390  operating  system.  The  OS390 
operating  system  is  part  of  the  executive  software  that  runs  on  the  SAMMS 
mainframe  test  and  production  domains  at  the  Defense  Megacenter  Columbus. 

The  conversion  and  test  plan  included  the  testing  of  SAMMS  standard 
applications  and  selected  DSC  unique  applications  to  verify  that  the  applications 
retained  their  functionality  and  interoperability  after  migrating  from  the  MVS-XA 
operating  system  to  the  OS390  operating  system.  DSDC  completed  the  OS390 
conversion  and  test  on  January  23, 1 999. 

Unique  Applications  Test  Results.  As  part  of  the  Y2K  tests  of  SAMMS  unique 
applications,  each  DSC  prioritized,  remeditated,  and  tested  the  various  SAMMS 
unique  applications  that  had  been  developed  by  the  individual  DSCs.  For  the 
SAMMS  unique  applications,  each  DSC  identified  SAMMS  date  usage,  tested 
Y2K  critical  dates,  performed  regression  testing,  and  reviewed  test  results  with  a 
team  comprising  functional  experts  and  technical  systems  personnel  from  the 
DSC.  DLA  also  obtained  the  services  of  a  contractor,  who  performed  an 
independent  review  of  the  test  results.  In  addition,  each  DSC  completed 
checklists  to  certify  the  test  results  and  implemented  SAMMS  applications  into 
production  upon  completion  of  testing.  As  a  result  of  the  SAMMS  Y2K 
remediation  and  testing  to  support  the  system  certification  on  March  30,  1999,  the 
DSCs  implemented  about  1,215  mainframe  mission-critical  unique  applications 
and  replaced  or  terminated  about  2,086  others.  The  DSCs  also  implemented 
about  97  mid-tier  mission-critical  unique  applications  and  replaced  or  terminated 
14  others  in  support  of  the  system  certification. 

Test  Results  Documentation.  While  DLA  aggressively  pursued  renovation  and 
testing  of  SAMMS,  DLA  did  not  retain  complete  test  results  because  it  was  not 
required  in  the  overall  testing  strategy  that  DSDC  developed.  The  DoD 
Management  Plan  requires  that  all  test  results  be  documented  and  available  upon 
request.  Complete  test  results  were  not  available  to  document  the  SAMMS  Y2K 
testing  because  some  tests  did  not  result  in  printed  output  and  the  overall  DSDC 
Y2K  test  procedure  states  that  the  test  results  can  be  disposed  of  after  the  test  has 
been  approved  and  the  program  released.  DSCs  reported  on  their  SAMMS  Y2K 
certification  checklists  that  either  no  test  results  were  available  or  only  samples  of 
test  results  were  available  for  review.  DSCs  did  not  retain  copies  of  the  test 
results  because  not  all  tests  resulted  in  a  hardcopy  product  and  because  they 
verified  the  accuracy  of  the  test  results  based  on  a  review  of  the  data  on  computer 
screens.  Additionally,  DLSC  personnel  stated  that  it  would  be  too  voluminous  to 
document  each  test;  therefore,  they  did  not  require  that  the  results  of  each  test  be 
documented  in  hardcopy.  As  a  result,  DLA  did  not  fully  comply  with  the  DoD 
Management  Plan  because  DSDC  and  the  DSCs  did  not  retain  complete  test 
results  for  the  Y2K  testing  of  SAMMS  standard  and  unique  applications. 

Although  DLA  did  not  document  the  test  results  as  the  tests  were  being 
performed,  DLA  personnel  stated  that  the  test  results  could  be  recreated  if  they  are 
needed. 

Implementation  and  Certification  Delay.  DLA  did  not  meet  the  December  31, 
1998,  milestone  for  certification  and  implementation  required  by  the  DoD 
Management  Plan  because  DLA  correctly  would  not  consider  SAMMS  Y2K 
compliant  until  both  the  SAMMS  applications  and  the  operating  environment 
were  Y2K  compliant.  DLA  delayed  the  SAMMS  Y2K  certification  until 
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SAMMS  was  converted  to  and  tested  in  a  mainframe  operating  environment  that 
was  compliant  and  until  Y2K  compliant  software  was  installed  on  the  mainframe 
and  mid-tiers.  DLA  delayed  the  SAMMS  Y2K  certification  even  though  DSDC 
completed  testing  the  SAMMS  standard  applications  on  October  13, 1998. 

DSDC  converted  SAMMS  from  the  noncompliant  MVS-XA  operating 
environment  to  the  Y2K  compliant  OS390  mainframe  operating  environment  and 
completed  the  testing  for  that  conversion  on  January  23,  1999.  DLA  also  delayed 
SAMMS  Y2K  certification  until  after  it  installed  a  Y2K  compliant  electronic  data 
interchange  (EDI)  translator  on  the  mainframe.  The  EDI  product  was  used  by 
SAMMS  applications  that  supported  the  clothing,  textiles,  and  medical 
commodities  and  the  Defense  Integrated  Subsistence  Management  System.  DLA 
replaced  the  noncompliant  EDI  translator  with  a  Y2K  compliant  product  that  was 
installed  and  operational  as  of  March  30, 1999.  Finally,  DLA  also  completed  the 
installation  of  about  32  manufacturers  developed  patches  to  the  DSC  mid-tiers  on 
April  5, 1999. 

Domain  Status.  DLA  did  not  perform  the  testing  that  was  used  as  the  basis  for 
SAMMS  Y2K  certification  in  a  Y2K  compliant  mainframe  domain.  In  addition, 
the  SAMMS  mainframe  production  domain  in  which  the  SAMMS  was  operating 
was  not  Y2K  compliant.  Specifically,  as  of  February  1 1, 1999,  the  SAMMS 
mainframe  test  and  production  domains  that  were  located  at  the  Defense 
Megacenter  Columbus  were  not  Y2K  compliant  because  the  domains  used  a 
noncompliant  compiler  and  a  noncompliant  EDI  translator.  A  compiler  is  a 
program  that  translates  the  source  code  written  by  a  programmer  into  object  code 
that  the  computer  can  understand.  The  DoD  Management  Plan  requires  that  a 
system  be  tested  on  a  compliant  domain  and  in  an  operationally  compliant 
environment  in  order  to  exit  the  validation  phase.  According  to  the  DoD 
Management  Plan,  any  system  that  was  not  validated  in  a  compliant  environment 
by  January  31,1 999,  required  a  waiver.  DLA  complied  with  that  requirement  and 
obtained  a  waiver  for  the  compiler.  The  Office  of  the  Assistant  Secretary  of 
Defense  (Command,  Control,  Communications,  and  Intelligence)  granted  a 
waiver  to  DLA  on  January  5, 1999,  that  allowed  the  use  of  the  noncompliant 
compiler  until  the  second  quarter  of  calendar  year  2000.  The  noncompliant 
mainframe  was  the  responsibility  of  DISA,  which  we  discussed  in  Inspector 
General,  DoD,  Report  No.  99-100,  “Year  2000  Computing  Issues:  Defense 
Logistics  Agency  Distribution  Standard  System,”  March  2,  1999.  Additionally, 
DLA  replaced  the  noncompliant  EDI  translator  with  a  Y2K  compliant  product 
that  was  installed  and  operational  as  of  March  30, 1999. 

Additional  Y2K  Testing.  In  addition  to  the  testing  procedure  that  DLA  used  as 
the  basis  for  SAMMS  Y2K  certification,  it  performed  other  tests  for  the  SAMMS 
Y2K  remediation  in  order  to  provide  further  assurance  that  SAMMS  was  Y2K 
ready  and  to  reduce  the  risk  of  Y2K  failure.  The  tests  were  the  time  machine  test, 
the  prime  vendor  test,  and  the  supplier  capability  assessment.  The  prime  vendor 
test  and  supplier  capability  assessments  were  documented  in  separate  test  plans 
and  DLA  was  developing  the  test  plan  for  the  time  machine  test.  The  time 
machine  test  was  to  validate  that  the  system  would  operate  when  the  machine  date 
is  moved  to  year  2000.  The  prime  vendor  test  was  designed  to  test  a  prime 
vendor’s  capability  to  deliver  goods  to  DLA  into  the  next  century.  The  supplier 
capability  assessment  was  to  determine  the  Y2K  status  of  critical  suppliers  who 
provided  items  for  which  DLA  was  the  integrated  materiel  manager.  Also,  the 
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assessment  was  to  identify  critical  items  and  suppliers,  prioritize  suppliers  for 
assessment,  assess  suppliers’  Y2K  compliance,  provide  assessment  results  to  the 
Joint  Supplier  Capability  Working  Group,  and  prepare  mitigation  plans  to  ensure 
support  to  the  warfighter. 


Summary 

DLA  had  aggressively  pursued  Y2K  remediation  of  SAMMS.  DLA  actions 
included:  implementation  of  Y2K  contract  clauses;  allocation  of  necessary  funds; 
implementation  of  an  information  assurance  program;  establishment  of 
management  oversight  and  reporting;  and  prioritization  and  inventorying  of 
mission-critical  systems  and  infrastructure.  However,  DLA  did  not  folly  comply 
with  the  requirements  of  the  DoD  Management  Plan.  It  did  not  document  all  test 
results;  could  not  certify  SAMMS  as  Y2K  compliant  by  the  December  31,  1998, 
milestone;  and  did  not  test  or  implement  SAMMS  in  a  Y2K  compliant  domain. 
Although  DLA  did  not  folly  comply  with  the  DoD  Management  Plan,  it  subjected 
SAMMS  to  extensive  testing  and  verification  before  certification.  Additional 
testing  during  the  April  though  June  1 999  logistics  end-to-end  testing  would 
provide  further  assurance  that  the  DLA  core  supply  mission  that  SAMMS 
performs  will  be  Y2K  compliant. 


Management  Actions  Taken 

DLA  did  not  plan  to  install  Y2K  upgraded  software  on  the  SAMMS  mid-tier 
platforms  until  May  1999.  That  date  would  not  meet  the  March  31,  1999,  date 
required  by  the  DoD  Management  Plan  for  completion  of  the  implementation 
phase  for  all  systems.  Based  on  our  recommendation,  DLA  officials  took  action 
to  remedy  the  potential  problem  area  by  accelerating  the  fielding  dates  of  the  mid¬ 
tier  software  upgrades  to  April  5, 1999. 


Recommendation  and  Management  Comment 

We  recommend  that  the  Director,  Defense  Logistics  Agency  review  the 
Standard  Automated  Materiel  Management  System  interfaces  to  ensure  that 
the  critical  thread  interfaces  have  been  identified  and  will  be  tested  during 
the  logistics  functional  end-to-end  testing  that  is  scheduled  from  April 
through  June  1999. 

DLA  Comments.  DLA  concurred,  stating  that  a  function  of  the  end-to-end 
testing  plan  was  to  ensure  that  all  critical  thread  interfaces  were  identified  and 
included  in  the  test.  The  Capstone  (logistics)  end-to-end  testing  began  on  May 
25, 1999,  and  was  scheduled  for  completion  on  July  16, 1999. 
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Appendix  A,  Audit  Process 


This  is  one  in  a  series  of  reports  being  issued  by  the  Inspector  General,  DoD,  in 
accordance  with  an  informal  partnership  with  the  DoD  Chief  Information  Officer 
to  monitor  DoD  efforts  to  address  the  Y2K  computing  challenge.  For  a  listing  of 
audit  projects  addressing  this  issue,  see  the  Y2K  webpage  on  the  IGnet  at 
http  ://www.ignet.gov/. 


Scope  and  Methodology 

Work  Performed.  We  reviewed  and  evaluated  the  status  of  the  progress  that 
DLA  had  made  in  resolving  Y2K  computing  issues  for  SAMMS.  We  evaluated 
the  Y2K  efforts  of  DLA  and  compared  those  efforts  with  the  DoD  Management 
Plan.  We  obtained  documentation  on  system  inventory  status,  interface 
agreements,  contingency  plans,  test  plans,  and  test  results  available  as  of 
March  31,  1999.  We  also  assessed  areas  of  the  DoD  Management  Plan  including 
contracts,  funding,  information  assurance,  management  oversight  and  reporting, 
prioritization,  and  assessment  of  inventory  and  infrastructure.  We  interviewed 
personnel  within  the  DLA  Chief  Information  Officer  Y2K  Program  Office,  the 
DLSC,  the  Office  of  the  SAMMS  Y2K  Project  Manager,  and  the  DSCs 
concerning  Y2K  compliance.  We  used  the  information  we  gathered  from  the 
interviews  and  documents  to  assess  efforts  related  to  the  multiple  phases  of 
managing  the  Y2K  problem. 

Limitation  of  Audit  Scope.  Our  review  did  not  include  nonstandard  computer 
systems  or  applications  that  were  developed  outside  the  purview  of  DLA.  We  did 
not  test  Y2K  compliance  of  DLA  automated  information  systems. 

DoD-Wide  Corporate  Level  Goals.  In  response  to  the  Government  Performance 
and  Results  Act,  DoD  established  6  DoD-wide  corporate-level  performance 
objectives  and  14  goals  for  meeting  the  objectives.  This  report  pertains  to 
achievement  of  the  following  objective  and  goal. 

•  Objective:  Prepare  now  for  an  uncertain  future.  Goal:  Pursue  a 
focused  modernization  effort  that  maintains  U.S.  qualitative 
superiority  in  key  war  fighting  capabilities.  (DoD-3) 

DoD  Functional  Area  Reform  Goals.  Most  major  DoD  functional  areas  have 
also  established  performance  improvement  reform  objectives  and  goals.  This 
report  pertains  to  achievement  of  the  following  functional  area  objectives  and 
goals  in  the  Information  Technology  Management  Functional  Area. 

•  Objective:  Become  a  mission  partner.  Goal:  Serve  mission 
information  users  as  customers.  (ITM-1.2) 
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•  Objective:  Provide  services  that  satisfy  customer  information  needs. 
Goal:  Modernize  and  integrate  Defense  information  infrastructure. 
(ITM-2.2) 

•  Objective:  Provide  services  that  satisfy  customer  information  needs. 
Goal:  Upgrade  technology  base.  (ITM-2.3) 

High-Risk  Area.  In  its  identification  of  risk  areas,  the  General  Accounting 
Office  has  specifically  designated  risk  in  resolution  of  the  Y2K  problem  as  high. 
This  report  provides  coverage  of  that  problem  and  the  overall  Information 
Management  and  Technology  high-risk  area. 

Audit  Type,  Dates,  and  Standards.  We  performed  this  program  audit  from 
January  through  June  1999  in  accordance  with  auditing  standards  issued  by  the 
Comptroller  General  of  the  United  States,  as  implemented  by  the  Inspector 
General,  DoD.  We  did  not  use  any  computer-processed  data  for  this  audit. 

Contacts  During  the  Audit.  We  visited  or  contacted  individuals  and 
organizations  within  DoD.  Further  details  are  available  on  request. 

Management  Control  Program.  We  did  not  review  the  management  control 
program  related  to  the  overall  audit  objective  because  DoD  recognized  the  Y2K 
issue  as  a  material  management  control  weakness  area  in  the  FY  1998  Annual 
Statement  of  Assurance. 


Summary  of  Prior  Coverage 


The  General  Accounting  Office  and  the  Inspector  General,  DoD,  have  conducted 
multiple  reviews  related  to  Y2K  issues.  General  Accounting  Office  reports  can  be 
accessed  over  the  Internet  at  http://www.gao.gov/.  Inspector  General,  DoD, 
reports  can  be  accessed  over  the  Internet  at  http://www.dodig.osd.mil/.  The 
previous  reports  most  relevant  to  the  subject  matter  of  this  report  are  listed  below. 


General  Accounting  Office 


General  Accounting  Office  Report  No.  AIMD  97-106,  “Defense  Computers: 
Issues  Confronting  the  Defense  Logistics  Agency  in  Addressing  Year  2000 
Problems,”  August  12, 1997. 


Inspector  General,  DoD 

Inspector  General,  DoD,  Report  No.  99-1 72,  “  Year  2000  Status  of  the  Army 
Total  Asset  Visibility  System,”  May  28, 1999. 
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Inspector  General,  DoD,  Report  No.  99-100,  “Year  2000  Computing  Issues: 
Defense  Logistics  Agency  Distribution  Standard  System,”  March  2,  1999. 

Inspector  General,  DoD,  Report  No.  99-082,  “Year  2000  Computing  Issues: 
Related  to  the  Defense  Automatic  Addressing  System  Center,”  February  1 8, 
1999. 
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Appendix  B.  Report  Distribution 


Office  of  the  Secretary  of  Defense 

Under  Secretary  of  Defense  for  Acquisition  and  Technology 
Deputy  Under  Secretary  of  Defense  (Logistics) 

Director,  Logistics  System  Modernization 
Director,  Defense  Logistics  Studies  Information  Exchange 
Under  Secretary  of  Defense  (Comptroller) 

Deputy  Chief  Financial  Officer 
Deputy  Comptroller  (Program/Budget) 

Assistant  Secretary  of  Defense  (Command,  Control,  Communications,  and  Intelligence) 
Deputy  Chief  Information  Officer  and  Deputy  Assistant  Secretary  of  Defense  (Chief 
Information  Officer,  Policy  and  Implementation) 

Principal  Director  for  Year  2000 

Department  of  the  Army 

Chief  Information  Officer,  Army 
Auditor  General,  Department  of  the  Army 
Inspector  General,  Department  of  the  Army 

Department  of  the  Navy 

Assistant  Secretary  of  the  Navy  (Financial  Management  and  Comptroller) 

Chief  Information  Officer,  Navy 

Auditor  General,  Department  of  the  Navy 

Inspector  General,  Department  of  the  Navy 

Superintendent,  Naval  Postgraduate  School 

Deputy  Naval  Inspector  General  for  Marine  Corps  Matters 

Department  of  the  Air  Force 

Assistant  Secretary  of  the  Air  Force  (Financial  Management  and  Comptroller) 

Chief  Information  Officer,  Air  Force 
Auditor  General,  Department  of  the  Air  Force 
Inspector  General,  Department  of  the  Air  Force 

Other  Defense  Organizations 

Director,  Defense  Contract  Audit  Agency 

Chief  Information  Officer,  Defense  Contract  Audit  Agency 
Director,  Defense  Information  Systems  Agency 

Inspector  General,  Defense  Information  Systems  Agency 
Chief  Information  Officer,  Defense  Information  Systems  Agency 


19 


Other  Defense  Organizations  (cont’d) 

Director,  Defense  Logistics  Agency 

Chief  Information  Officer,  Defense  Logistics  Agency 
Director,  National  Security  Agency 

Inspector  General,  National  Security  Agency 
Inspector  General,  Defense  Intelligence  Agency 
Inspector  General,  National  Imagery  and  Mapping  Agency 
Inspector  General,  National  Reconnaissance  Office 

Non-Defense  Federal  Organizations  and  Individuals 

Office  of  Management  and  Budget 
Office  of  Information  and  Regulatory  Affairs 

National  Security  Division  Special  Projects  Branch 
Federal  Chief  Information  Officers  Council 
General  Accounting  Office 

National  Security  and  International  Affairs  Division 
Technical  Information  Center 

Director,  Defense  Information  and  Financial  Management  Systems,  Accounting  and 
Information  Management  Division 
Inspector  General,  General  Services  Administration 

Congressional  Committees  and  Subcommittees,  Chairman  and 
Ranking  Minority  Member 

Senate  Committee  on  Appropriations 

Senate  Subcommittee  on  Defense,  Committee  on  Appropriations 

Senate  Committee  on  Armed  Services 

Senate  Committee  on  Governmental  Affairs 

Senate  Special  Committee  on  the  Year  2000  Technology  Problem 

House  Committee  on  Appropriations 

House  Subcommittee  on  Defense,  Committee  on  Appropriations 
House  Committee  on  Armed  Services 
House  Committee  on  Government  Reform 

House  Subcommittee  on  Government  Management,  Information,  and  Technology, 
Committee  on  Government  Reform 

House  Subcommittee  on  National  Security,  Veterans  Affairs,  and  International  Relations, 
Committee  on  Government  Reform 
House  Subcommittee  on  Technology,  Committee  on  Science 
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Defense  Logistics  Agency  Comments 


DEFENSE  LOGISTICS  AGENCY 
HEADQUARTERS 

8725  JOHN  J,  KINGMAN  ROAD,  SUITE  2535 
FT,  BELVOIR,  VIRGINIA  22060-622  T 

JW  281909 

MEMORANDUM  FOR  ASSISTANT  INSPECTOR  GENERAL  FOR  AUDITING, 

DEPARTMENT  OF  DEFENSE 

SUBJECT:  Year  2000  Computing  Issues:  Defense  logistics  Agency  - 
Standard  Automated  Materiel  Management  System 
(Project  so.  Sid-9021. 02) 


The  Defense  Logistics  Agency  (DLA)  has  reviewed  the  subjoct 
26  May  1999  draft  report  and  agrees  with  the  finding  and 
recommendation.  Detailed  comments  are  shown  below. 

FINDING;  Status  of  the  standard  Automated  Materiel  Management  System 
(SAMMS) rear  2000  Program.  DLA  and  it's  three  subordinate  supply 
Centers  had  tafcen  action  to  ensure  that  SAMMS  would  be  Y2K  compliant. 
Specifically,  DIi A; 

•  implemented  Y2K  contract  clauses 

•  allocated  necessary  funds 

•  implemented  an  information  assurance  program 

•  establish  management  Oversight  and  reporting 

•  prioritired  and  inventoried  mission-critical  systems  and 
infrastructure 

•  developed  contingency  and  test  plans,  and  performed  Y2K  testing 

However,  DLA  did  not  fully  comply  with  the  requirements  of  the 
DoD  Management  Plan.  DLA  did  not  comply  with  the  requirements  because 
it  did  not  fully  document  interfaces,  did  not  document  all  test 
results,  did  not  meet  the  y2K  certification  milestone  of  December  31, 

1998,  and  did  not  test  in  a  Y2K  compliant  domain.  Although  DLA  did 
not  fully  comply  with  the  DOD  Management  Plan,  it  subjected  SAMMS  to 
intensive  testing  before  certification.  Additional  testing  and  the 
logistics  end-to-end  testing  would  provide  further  assurance  that  the 
DLA  core  supply  mission  performed  by  SAMMS  would  be  Y2K  compliant. 

OIA  COMMENTS:  Concur,  The  Capstone  end-to-end  testing  is  underway 
beginning  on  May  25,  1999,  sod  scheduled  Tor  completion  on  July  18, 

1999. 

recommendation :  He  recommend  that  the  Director,  Defense  Logistics 
Agency,  review  the  Standard  Automated  Materiel  Management  System 
interfaces  to  ensure  that  the  critical  thread  interfaces  have  been 
identified  end  will  be  tested  during  the  logistics  functional  end-co¬ 
end  testing  that  is  scheduled  from  April  through  June  1999. 
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MA  CCMHSNSS:  Concur.  As  a  part  o #  the  Capstone  end-to-end  testing 
plan,  one  of  the  functions  was  to  assure  that  all  critical  thread 
interfaces  were  identified  and  included  in  the  test.  The  Capstone  end- 
to-end  testing  began  on  May  25,  1999,  and  is  scheduled  for  completion 
July  16,  1999. 


disposition:  Action  is  ongoing.  Estimated  Completion  Date:  July  16, 
1999. 


DEPUTY  DIRECTOR 


Audit  Team  Members 


The  Readiness  and  Logistics  Support  Directorate,  Office  of  the  Assistant 
Inspector  General  for  Auditing,  DoD,  prepared  this  report.  Personnel  of  the 
Office  of  the  Inspector  General,  DoD,  who  contributed  to  the  report  are  listed 
below. 

Shelton  R.  Young 
Tilghman  A.  Schraden 
Kathryn  L.  Palmer 
Arthur  J.  Maurer 
Debra  E.  Alford 
Robert  M.  Paluck 
Kayode  O.  Bamgbade 
Mary  K.  Reynolds 
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